Vulnerability Note VU#174119
Solarwinds Network Performance Monitor 10.2.2 contains multiple vulnerabilities
Solarwinds Network Performance Monitor 10.2.2 and possibly earlier versions contain a cross-site scripting (XSS), and cross-site request forgery (CSRF) vulnerability.
A remote unauthenticated attacker may obtain sensitive information, cause a denial of service condition or execute arbitrary code with the privileges of the application.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|SOLARWINDS||Affected||25 Jun 2012||03 Aug 2012|
CVSS Metrics (Learn More)
Thanks to Offensive Security for reporting these vulnerabilities.
This document was written by Jared Allar.
- CVE IDs: CVE-2012-2602 CVE-2012-2577
- Date Public: 20 Jul 2012
- Date First Published: 03 Aug 2012
- Date Last Updated: 14 Aug 2014
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.